Hi @ll, the WWW sites msdn.microsoft.com and technet.microsoft.com still support SSLv3 for HTTPS connections, but neither TLSv1.1 nor TLSv1.2. Additionally they prefer the weak ciphers TLS_RSA_WITH_RC4_128_MD5 and TLS_RSA_WITH_RC4_128_SHA and offer not a single cipher that supports "forward secrecy". See resp. and Both sites are hosted on "Microsoft-IIS/8.0" which can handle TLSv1.1 and TLSv1.2 as well as ciphers that support "forward secrecy". The WWW site answers.microsoft.com has the same bad protocol support, but better cipher support, albeit no "forward secrecy". See and The WWW sites support.microsoft.com and support2.microsoft.com support TLSv1.1, TLSv1.2 and PFS, but have SSLv3 still enabled too and have NO mitigation against POODLE. See resp. and OTOH the WWW site connect.microsoft.com (like answers.microsoft.com hosted on "Microsoft-IIS/7.5") supports TLSv1.1, TLSv1.2 and PFS, but has SSLv3 still enabled too. See Finally take a look at the WWW site social.microsoft.com alias social.msdn.microsoft.com alias social.technet.microsoft.com: NO SSLv3, NO weak ciphers, TLSv1.1, TLSv1.2 and PFS enabled. See But even there MSFT could do better and offer ciphers with GCM and PFS! outlook.com alias www.outlook.com has SSLv3 enabled, no mitigation against BEAST and POODLE, and supports weak ciphers with RC4 but no ciphers with GCM! Some of the servers of [www.]outlook.com are even worse than ANY of the above: See , , , and live.com supports weak ciphers with RC4 but no ciphers with GCM! JFTR: compare MSFTs deeds to their following words^Wannouncements: